Regular Contributor I

RAP2-WG across WAN through a checkpoint firewall.



The setup is master-standby, they share a vrrp-address. There are about 4 local controllers. No PEF or PEFNG license. 


we have a RAP-2WG connecting from the internet via a checkpoint firewall. 


The RAP comes up fine, if the RAP is in the internal network, in the same vlan as the controllers are in.. 


When its on the internet, the IPSEC SA is formed, ISAKMP SA is also getting formed. We see the RAP up on the controller for about 1:30 minutes & goes down forever. 


Is it mandatory to have a PEFNG license in order to bring up an RAP-2WG?

Guru Elite

Re: RAP2-WG across WAN through a checkpoint firewall.

Hopefully, you don't have the static NAT pointing to the VRRP address, because having a NAT pointint to a VRRP does not work with firewalls.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: